Introduction to digital signature technology on the .NET platform

Source: Internet
Author: User
The important CAPICOM objects are listed below; only these objects are used:
CAPICOM.Store // certificate store object
CAPICOM.Certificates // certificate collection object
CAPICOM.Certificate // a single certificate object
CAPICOM.Signer // signer
CAPICOM.SignedData (the most important) // signed data
Because signing takes place on the client, it has to be written as client-side script (VBScript is used as the example here):
' CAPICOM constant values; script does not load them from the type library
Const CAPICOM_CURRENT_USER_STORE = 2
Const CAPICOM_MY_STORE = "My"
Const CAPICOM_STORE_OPEN_READ_ONLY = 0
Const CAPICOM_STORE_OPEN_EXISTING_ONLY = 128
Const CAPICOM_CERTIFICATE_FIND_KEY_USAGE = 12
Const CAPICOM_DIGITAL_SIGNATURE_KEY_USAGE = 128
Const CAPICOM_CERT_INFO_SUBJECT_EMAIL_NAME = 2

' Open the local certificate store. The meaning of the parameters is not described in detail here.
Set oStore = CreateObject("CAPICOM.Store")
oStore.Open CAPICOM_CURRENT_USER_STORE, CAPICOM_MY_STORE, CAPICOM_STORE_OPEN_READ_ONLY Or CAPICOM_STORE_OPEN_EXISTING_ONLY

' Put the certificates in the local store that can be used for digital signatures into a certificate collection.
' Find returns a new collection, so its result has to be kept.
Set oStoreCerts = oStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_KEY_USAGE, CAPICOM_DIGITAL_SIGNATURE_KEY_USAGE, True)

' Locate the valid certificates and put them in another certificate collection object.
Set oCerts = CreateObject("CAPICOM.Certificates")
For Each oCert In oStoreCerts
    If Len(oCert.GetInfo(CAPICOM_CERT_INFO_SUBJECT_EMAIL_NAME)) > 0 Then
        oCerts.Add oCert
    End If
Next

' Obtain the certificate selected by the user. If several valid certificates exist, a dialog box is displayed for the user to choose one.
If oCerts.Count = 1 Then
    Set oSignerCert = oCerts(1)
Else
    Set oSelects = oCerts.Select()
    Set oSignerCert = oSelects(1)
End If

' Specify the signer and the certificate the signer uses for the signature.
Set oSigner = CreateObject("CAPICOM.Signer")
oSigner.Certificate = oSignerCert

' Define the signed data object and specify the data to be signed. What dataNeedSign (the data to be signed) contains depends on your situation.
Set oSignedData = CreateObject("CAPICOM.SignedData")
oSignedData.Content = dataNeedSign

' The signature is complete. signedResult (the signed data) and dataNeedSign are sent to the other party at the same time.
signedResult = oSignedData.Sign(oSigner)
Now suppose Party B has received signedResult and dataNeedSign:
CAPICOM.SignedData s = new CAPICOM.SignedDataClass();
// Identity authentication: signedResult is the signed message received from the signer.
// Verify throws an exception if the signature or the certificate check fails.
s.Verify(signedResult, false, CAPICOM.CAPICOM_SIGNED_DATA_VERIFY_FLAG.CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE);
if (s.Content == dataNeedSign)
{
    // Integrity confirmation: prompt that the data is complete!
}
This assumes that Party B verifies the data on our platform. The disadvantage is that a change made to the data while it is being downloaded cannot be controlled, but for certain reasons this is the only way the step can be done. Verification on Party B's client is also possible; the script changes a bit.
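The server-side check above, as an added example (not code from the original page): it handles the exception Verify raises on failure and also compares the signer's certificate thumbprint with the one expected for the signing party, since a valid signature alone does not say who signed. The class name, method name and the expectedThumbprint parameter are assumptions, and the project must reference the CAPICOM COM interop assembly.

```csharp
using System;
using System.Runtime.InteropServices;
using CAPICOM; // COM interop assembly generated from capicom.dll

public static class SignedMessageCheck // hypothetical helper, not part of CAPICOM
{
    // signedResult:        the signed message produced by SignedData.Sign on the client
    // dataNeedSign:        the plain data sent alongside it
    // expectedThumbprint:  SHA-1 thumbprint of the signing party's certificate,
    //                      obtained out of band (assumed input)
    public static bool IsValidFromExpectedSigner(
        string signedResult, string dataNeedSign, string expectedThumbprint)
    {
        SignedData s = new SignedDataClass();
        try
        {
            // Checks the signature and validates the signer's certificate.
            // The content is embedded in the message, so bDetached is false.
            s.Verify(signedResult, false,
                CAPICOM_SIGNED_DATA_VERIFY_FLAG.CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE);
        }
        catch (COMException)
        {
            // Bad signature, or a certificate that does not validate.
            return false;
        }

        // Integrity: the signed content must equal the data received with it.
        if (s.Content != dataNeedSign)
        {
            return false;
        }

        // Identity: accept exactly one signer, and only the expected certificate.
        if (s.Signers.Count != 1)
        {
            return false;
        }
        Signer signer = (Signer)s.Signers[1]; // CAPICOM collections are 1-based
        return string.Equals(signer.Certificate.Thumbprint, expectedThumbprint,
            StringComparison.OrdinalIgnoreCase);
    }
}
```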
